Unix on Panther: Accessing the Internet

Authors' note: A network lets computers communicate with each other, sharing files,
email, and much more. Unix systems have been networked for more than 25 years, and
Macintosh systems have always had networking as an integral part of the system
design from the very first system released in 1984.

This chapter introduces Unix networking: remotely accessing your Mac from
other computers and copying files between computers. It also shows you how the
Connect to Server capability of Terminal can make common connections a breeze
once you've set them up the first time.

Remote Logins

There may be times when you need to access
your Mac, but you can't get to the desk it's sitting on. If you're working on a
different computer, you may not have the time or inclination to stop what you're
doing, walk over to your Mac, and log in (laziness may not be the only reason
for this: perhaps someone else is using your Mac when you need to get on it or
perhaps your Mac is miles away). Mac OS X's file sharing (System Preferences →
Sharing) can let you access your files, but there may be times you want to use
the computer interactively, perhaps to move files around, search for a
particular file, or perform a system maintenance task.

If you enable Remote Login under System Preferences → Sharing, you can access
your Mac's Unix shell from any networked computer that can run SSH
(http://www.ssh.com/), OpenSSH (http://www.openssh.org/), or a compatible
application such as PuTTY (a Windows implementation of SSH available at
http://www.chiark.greenend.org.uk/~sgtatham/putty/).
SSH and OpenSSH can be installed on many Unix systems, and OpenSSH is included
with many Linux distributions, as well as with Mac OS X.

Figure 8-1 shows how remote login programs such as ssh work. In a
local login, you interact directly with the shell program running on your local
system. In a remote login, you run a remote-access program on your local system;
that program lets you interact with a shell program on the remote system.

Figure 8-1. Local login, remote login

When you enable Remote Login, the Sharing panel will display instructions for
logging into your Mac from another computer. This message is shown in Figure
8-2.

Figure 8-2. Instructions for remote access to your Mac

To log into your Mac from a remote Unix system, use the command displayed in
the Sharing panel, as shown in the following sample session where a user on a
Red Hat Linux system is connecting to a Mac OS X computer (the first time you
connect, you'll be asked to vouch for your Mac's authenticity):

To log in to your Mac from a Windows machine using PuTTY,
launch the PuTTY application, specify SSH (the default is to use the
Telnet protocol described later), and type in your Mac OS X system's
IP address as shown in the Mac's Sharing panel. PuTTY will prompt you
for your Mac OS X username and password. Figure
8-3 shows a sample PuTTY session.

Figure 8-3. Connecting to Mac OS X with PuTTY

Web and FTP Access

You can also use the Sharing preferences panel to enable your system's web and
FTP server. Start Personal Web Sharing to enable the web server. Other users can
access the main home page (located in /Library/WebServer/Documents)
using http://address, where address is your machine's IP address or hostname
(see the sidebar "Remote Access and the Outside World" if you are using an
AirPort Base Station or other router between your network and the Internet).

Remote Access and the Outside World

If your Macintosh has an IP address that was
assigned by an AirPort Base Station, then it's very likely that your
machine will not be visible to the outside world. Because of this, you
will only be able to connect to your Mac from machines on your network.
You can allow remote users to connect by using the AirPort Admin Utility
→ Show All Settings → Port Mapping (for Remote Login via ssh, you must
map port 22 to your Macintosh; use port 80 for Personal Web Sharing).
Other SoHo (Small Office/Home Office) gateways may support this feature
as well.

If you use this technique, the IP address shown on the Sharing panel
will be incorrect. You should use your AirPort Base Station's WAN
address when you connect from a computer outside your
network.

Start FTP Access to enable remote users to use FTP to connect to your system.
Again, remote users should use your machine's IP address or hostname to
connect.

Remote Access to Other Unix Systems

You can also connect to other systems from Mac OS X. To do
so, launch the Terminal application. Then start a program that connects to the
remote computer. In addition to ssh, some typical programs for
connecting over a computer network are telnet, rsh (remote shell), or
rlogin (remote login). All of these are supported and included with
Mac OS X. In any case, when you log off the remote computer, the remote login
program quits and you get another shell prompt from your Mac.

The syntax for most remote login programs is:

program-name remote-hostname

For example, when Dr. Nelson wants to connect to the remote computer named
biolab.medu.edu, she'd first make a local login to her Mac named
fuzzy by launching Terminal. Next, she'd use the telnet
program to reach the remote computer. Her session would look something like
this:

Her accounts have shell prompts that include the hostname. This reminds her
when she's logged in remotely. If you use more than one system but don't have
the hostname in your prompt, see Section 1.3.1 in Chapter 1 or Section 10.1 in
Chapter 10 to find out how to add it.

WARNING: Actually, Dr. Nelson would be unwise to use
telnet to connect to the remote system, because ssh
is a much more secure alternative and is highly preferred. However, some
remote sites still stick with telnet, and while it's important to
encourage them to switch to ssh-only access, you will still
sometimes find yourself using telnet, as shown
here.

Also, when you're logged on to a remote system, keep in mind that the
commands you type will take effect on the remote system, not your local one! For
instance, if you use lpr to print a file, the printer it comes out
of may be very far away.

The programs rsh (also called
rlogin) and ssh generally don't give you a
login: prompt. These programs assume that your remote username is
the same as your local username. If they're different, give your remote username
on the command line of the remote login program, as shown in the next
example.

You may be able to log in without typing your remote password or
passphrase.[1]
Otherwise, you'll be prompted after entering the command line.

Following are four sample ssh and rsh command
lines. The first pair shows how to log in to the remote system,
biolab.medu.edu, when your username is the same on both the local and
remote systems. The second pair shows how to log in if your remote username is
different (in this case, jdnelson); note that the Mac OS X versions of
ssh and rsh may support both syntaxes shown depending
on how the remote host is configured:

About Security

Today's Internet and other public networks have
users who try to break into computers and snoop on other network users.
While the popular media calls these people hackers, most hackers are self-respecting
programmers who enjoy pushing the envelope of technology. The evildoers
are better known as crackers. Most remote
login programs (and file transfer programs, which we cover later in this
chapter) were designed 20 years ago or more, when networks were friendly
places with cooperative users. Those programs (many versions of
telnet and rsh, for instance) make a cracker's
job easy. They transmit your data, including your password, across the
network in a way that allows even the most inexperienced crackers to
read it. Worse, some of these utilities can be configured to allow
access without passwords.

SSH is different; it was designed with security in
mind. It sends your password (and everything else transmitted or
received during your SSH session) in a secure way. A good place to get
more details on SSH is the book SSH: The Secure Shell, by
Daniel J. Barrett and Richard Silverman (O'Reilly).
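
The distinction drawn in this sidebar can be checked on any machine where Remote Login, FTP Access, or the older services have been switched on. The following is an added example, not part of the original chapter: a small shell audit that reads netstat-style output and reports which listening remote-access services send passwords in the clear. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag cleartext remote-access services among listening TCP ports.
# Input: lines in the style of `netstat -an` (BSD/Mac OS X or Linux layout).

# Constructed sample, not captured from a real host.
SAMPLE_NETSTAT='tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.23                   *.*                    LISTEN
tcp4       0      0  *.21                   *.*                    LISTEN
tcp4       0      0  *.80                   *.*                    LISTEN
tcp4       0      0  192.168.1.5.22         192.168.1.9.51515      ESTABLISHED
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN'

# Print one line per listening remote-login or file-transfer service.
audit_listeners() {
    awk '
    $NF == "LISTEN" {
        # Local address is field 4 in both layouts; the port follows the last . or :
        n = split($4, parts, /[.:]/)
        port = parts[n]
        if      (port == 21)  print "CLEARTEXT ftp 21"
        else if (port == 23)  print "CLEARTEXT telnet 23"
        else if (port == 513) print "CLEARTEXT rlogin 513"
        else if (port == 514) print "CLEARTEXT rsh 514"
        else if (port == 22)  print "ENCRYPTED ssh 22"
    }' | sort -u
}

# Count the cleartext services found (prints 0 when there are none).
cleartext_count() {
    audit_listeners | awk '/^CLEARTEXT/ { n++ } END { print n + 0 }'
}

# Run the audit over the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | audit_listeners
```

On a live system, pipe the real listing in instead: netstat -an | audit_listeners. Any CLEARTEXT line is a service to turn off in the Sharing panel or replace with its SSH equivalent.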